Cloud303 Enhances TruU’s Passwordless Authentication with AWS Rekognition

AI/ML

DevOps

  • 15 February 2024
AWS Funding Secured by Cloud303
  • Well-Architected

About the Customer

TruU is a company focused on revolutionizing identity management in the workplace by providing a highly secure, passwordless authentication experience that spans both digital and physical realms. Founded by cybersecurity and data science experts in 2017, TruU aims to eliminate the primary security risk of passwords through its innovative solution that is easy to deploy and scalable for enterprise use.

Executive Summary

In a digital era where 81% of hacking-related breaches leverage stolen and/or weak passwords, TruU, a leading AI security company, has pioneered the frontier of passwordless authentication to fortify defenses for Fortune 500 enterprises. This case study encapsulates TruU's strategic collaboration with Cloud303 to integrate AWS Rekognition into their products, TruIdentity Cloud™ and TruPresence™. This integration has reinforced their authentication framework with robust AI-powered facial recognition and significantly augmented their fraud detection capabilities.

TruU's TruIdentity Cloud™ utilizes a continuous AI engine that scrutinizes a myriad of behavioral and environmental signals to construct a comprehensive identity profile. Concurrently, TruPresence™ revolutionizes user authentication by employing proximity-based machine learning to provide seamless access. By harnessing the analytical prowess of AWS Rekognition, TruU has adeptly enhanced its identity verification process, establishing a new benchmark in user convenience and security.

Cloud303's expertise has been instrumental in this technological leap, developing a .NET-based SOAR service that acts as the nerve center for TruU’s enhanced security architecture. This service meticulously monitors behavioral biometrics, such as keystroke dynamics and voice patterns, to detect anomalies indicative of fraudulent activity. Upon such detections, the service promptly triggers a high-resolution camera capture for real-time facial recognition via AWS Rekognition, ensuring an immediate verification response.

The result is a sophisticated, multi-faceted authentication system that not only expedites the user experience but also erects a formidable barrier against potential security breaches.

The Challenge

TruU's quest for unparalleled security encountered formidable challenges, notably in maintaining the integrity of photo-based facial recognition. The accuracy of user authentication was contingent on the quality of user-provided images—a critical factor that could not be compromised. Additionally, TruU needed to augment their mobile app and backend server to facilitate expeditious image analysis and processing, all while preserving a fluid user experience.

The integration of facial recognition into their existing passwordless ecosystem presented another layer of complexity, demanding a solution that would dovetail with the current infrastructure without sacrificing the enhanced security facial recognition offered.

Why Cloud303?

  • Expertise in AI/ML Solutions - Cloud303 possesses in-depth knowledge and expertise in a wide range of machine learning algorithms and artificial intelligence models. Whether it's natural language processing, computer vision, or predictive analytics, Cloud303 is equipped to design, train, and deploy models that deliver actionable insights and drive business value.
  • Ethical and Responsible AI - Ethical considerations in AI/ML are crucial, ranging from bias mitigation to data privacy. Cloud303 adheres to ethical guidelines and best practices in AI, ensuring that models are not only efficient but also fair, transparent, and responsible.
  • Scalable Data Processing - Managing the massive datasets that feed AI/ML models is a significant challenge. Cloud303 provides scalable data processing solutions, optimizing both storage and computational capabilities. This ensures that your AI/ML models are trained efficiently and can scale seamlessly with your data requirements.
  • Proven Track Record - Whether it's navigating complex data migrations, implementing scalable AI/ML models, or setting up robust DevOps pipelines, Cloud303 has consistently demonstrated its ability to deliver, making it a go-to partner for businesses with complex technical needs.

Engagement Overview

Cloud303's engagements follow a streamlined five-phase lifecycle: Requirements, Design, Implementation, Testing, and Maintenance. Initially, a comprehensive assessment is conducted through a Well-Architected Review to identify client needs. This is followed by a scoping call to fine-tune the architectural design, upon which a Statement of Work (SoW) is agreed and signed.

The implementation phase kicks in next, closely adhering to the approved designs. Rigorous testing ensures that all components meet the client's specifications and industry standards. Finally, clients have the option to either manage the deployed solutions themselves or to enroll in Cloud303's Managed Services for ongoing maintenance, an option many choose due to their high satisfaction with the services provided.

The Solution

The Challenge Addressed

TruU's exploration of AWS Rekognition emerged from the need for a high-caliber facial recognition service that could scale without the encumbrance of substantial infrastructure. AWS Rekognition's machine learning prowess and cloud-based capabilities promised to strengthen TruU's authentication process and enrich the user experience. Cloud303's solution architecture was meticulously designed to meet these challenges. It involved the development of a .NET-based SOAR service, which became the linchpin of the security orchestration within TruU's ecosystem. This service was complemented by an intricate array of AWS services and custom machine learning models to create a comprehensive, real-time security response system.

How It Works: A User-Centric Approach

The enrollment and re-enrollment workflows are user-centric processes designed to be both secure and intuitive. Users initiate their journey by capturing a high-quality facial image via their smartphone. This image triggers backend processes, including an AWS Lambda function, which in turn invokes AWS Rekognition for facial analysis. A face ID is generated and stored, along with pertinent metadata, in Amazon DynamoDB—yet no actual images are retained.

Re-enrollment follows a similar paradigm, with the added sophistication of facial comparison to ensure the user's identity matches the previously indexed face. The backend system's role is pivotal, managing these operations seamlessly while prioritizing data security.
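The enrollment and re-enrollment flow described above, sketched as an added example; this is not Cloud303's or TruU's code. The collection name, similarity threshold and record layout are assumptions, and `rek` and `table` are expected to be a boto3 Rekognition client and a DynamoDB Table resource passed in by the caller.

```python
# Added example: enrollment / re-enrollment that stores a face ID, never the image.
# COLLECTION, MATCH_THRESHOLD and the item layout are assumptions, not TruU's values.
COLLECTION = "example-users"   # hypothetical Rekognition collection name
MATCH_THRESHOLD = 95.0         # hypothetical similarity floor, in percent


class EnrollmentError(Exception):
    """Raised when an image must not be accepted for (re-)enrollment."""


def index_single_face(rek, user_id, image_bytes):
    """Index the image only if it holds exactly one high-quality face."""
    resp = rek.index_faces(
        CollectionId=COLLECTION, Image={"Bytes": image_bytes},
        ExternalImageId=user_id, MaxFaces=1, QualityFilter="HIGH")
    records = resp.get("FaceRecords", [])
    if len(records) != 1 or resp.get("UnindexedFaces"):
        ids = [r["Face"]["FaceId"] for r in records]
        if ids:  # roll back whatever was indexed before rejecting the image
            rek.delete_faces(CollectionId=COLLECTION, FaceIds=ids)
        raise EnrollmentError("need exactly one high-quality face")
    return records[0]["Face"]["FaceId"]


def enroll(rek, table, user_id, image_bytes):
    """First enrollment: persist the face ID and metadata, not the picture."""
    face_id = index_single_face(rek, user_id, image_bytes)
    table.put_item(Item={"user_id": user_id, "face_id": face_id})
    return face_id


def re_enroll(rek, table, user_id, image_bytes):
    """Replace the stored face only if the new image matches the old one."""
    old = table.get_item(Key={"user_id": user_id}).get("Item")
    if old is None:
        raise EnrollmentError("user is not enrolled")
    resp = rek.search_faces_by_image(
        CollectionId=COLLECTION, Image={"Bytes": image_bytes},
        FaceMatchThreshold=MATCH_THRESHOLD, MaxFaces=5)
    matched = {m["Face"]["FaceId"] for m in resp.get("FaceMatches", [])}
    # Compare against this user's own face ID, not any face in the collection.
    if old["face_id"] not in matched:
        raise EnrollmentError("face does not match the enrolled identity")
    new_id = index_single_face(rek, user_id, image_bytes)
    table.put_item(Item={"user_id": user_id, "face_id": new_id})
    rek.delete_faces(CollectionId=COLLECTION, FaceIds=[old["face_id"]])
    return new_id
```

Checking the match against the caller's own stored face ID is what stops one enrolled user from re-enrolling over another user's record.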

Behavioral Biometrics Integration

At the heart of TruU's enhanced security strategy is the integration of behavioral biometrics, which encompasses the analysis of typing dynamics and voice patterns to construct a unique profile for each user. TruU's system constantly evolves through machine learning models hosted on Amazon SageMaker, which refine the detection algorithms based on a growing dataset of behavioral patterns. This allows the system not only to adapt to each user’s behavior over time but also to become more resilient against fraudulent access attempts. This is achieved through the following components:

Keystroke Dynamics - TruU deploys a sophisticated keystroke dynamics engine that utilizes deep learning algorithms to measure the timing intervals of key presses and releases, thus generating a distinct typing pattern for each user.

Voice Pattern Analysis - A voice biometrics system, powered by advanced signal processing algorithms, analyzes over a hundred characteristics of speech, building a voice signature that complements the user's biometric profile.

Continuous AI Engine - TruIdentity Cloud™ incorporates a proprietary AI engine that processes and correlates environmental and behavioral data, including the biometric profiles created by the keystroke and voice analysis systems, enhancing the accuracy of user verification.

Fraud Detection: A Proactive Stance

Cloud303 deployed an event-driven architecture that seamlessly integrates AWS Lambda, AWS Rekognition, and Amazon SageMaker to enhance its fraud detection capabilities. This sophisticated system provides a proactive and robust security posture against impersonation and fraudulent activities.

Custom .NET Service on AWS Lambda - At the core of this security enhancement is a custom .NET service, developed by Cloud303 and hosted on AWS Lambda. This serverless SOAR solution capitalizes on the scalability and flexibility of AWS Lambda to monitor real-time user interactions for behavioral anomalies. By leveraging the serverless architecture, the service can efficiently process vast streams of data without the overhead of managing server infrastructure, ensuring that the system remains both responsive and cost-effective.

Behavioral Anomaly Detection with SageMaker - The heart of the fraud detection mechanism lies in its ability to analyze keystroke dynamics and voice patterns. TruU utilizes machine learning models hosted on Amazon SageMaker endpoints to scrutinize these behavioral biometrics meticulously. These models are trained on extensive datasets to identify subtle deviations that may indicate fraudulent attempts at access or impersonation. When an anomaly is detected, it triggers the event-driven workflow, signaling the need for immediate verification.

Real-Time Facial Verification with AWS Rekognition - Upon detection of a behavioral anomaly, the .NET service on AWS Lambda initiates a real-time response protocol. It prompts the TruU mobile application to activate the device's camera to capture a high-quality image of the user. This image is then processed by AWS Rekognition for live facial recognition, comparing the captured image against the stored biometric profiles to confirm the user's identity. This integration not only adds an additional layer of security by verifying physical presence but also does so in a manner that is seamless and non-intrusive to the user experience.

Engineer Quote

We crafted a security ecosystem that's innovative and deeply aligned with the needs of modern identity management. Leveraging AWS Rekognition, we've enabled TruU to scale its facial recognition capabilities without the burden of heavy infrastructure.

Robert Boyer, Co-founder/VP of AI/ML, Cloud303

Outcomes

The collaboration with Cloud303 yielded a 40% enhancement in image processing speed and a 15% increase in facial recognition accuracy. These advancements were paralleled by a 25% cost reduction in infrastructure and maintenance, courtesy of the AWS Rekognition managed services.
